Ilari Liusvaara <ilariliusva...@welho.com> writes:

>The TLS-style asymmetric designs don't come even close to cutting it if
>the client lacks a good entropy source.

Actually they're fine, see the comment about using entropy from both sides.
You can run one side of a TLS communication with zero entropy (just a fixed
secret) if you mix the client and server hello into your PRNG alongside the
fixed secret data.

>Heck, I have seen a board advertised for "IoT" applications where the way I
>loaded new software was to transfer the C++11 source via either USB stick or
>via TCP/IP over ethernet and then use GCC on the board itself to make a
>binary...

That's how you do development work for the CI20.  It's actually rather
convenient, you just plug it in, SSH over, and you're ready to go.

Maybe that's one way to identify whether your "IoT device" falls into the
desktop-PC equivalent class: if it can self-host its own build tools it's a
PC.  If you upload a single solid blob that's the BSP/OS and application all
in one over a serial port and debug it using whatever cavemen used to debug
fire, then it's embedded/IoT/SCADA/whatever.

Peter.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
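
An added example, not part of the original message: one way to realise the mixing described above, assuming HKDF with SHA-256 (RFC 5869) as the mixing function. The function names, labels and sample hello bytes are constructed for illustration; the demo also shows that the zero-entropy side's output is only as fresh as the peer's hello.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def session_random(fixed_secret, client_hello, server_hello, label, length=32):
    """Derive per-session bytes from the fixed secret and both hello messages."""
    # Length-prefix each hello so the boundary between them is unambiguous.
    transcript = b"".join(len(m).to_bytes(4, "big") + m
                          for m in (client_hello, server_hello))
    # The fixed secret keys the extraction; the hellos supply per-session variation.
    prk = hkdf_extract(fixed_secret, transcript)
    return hkdf_expand(prk, label, length)

# Constructed sample values, not real TLS messages or keys.
FIXED_SECRET = b"constructed-device-secret-000001"
CLIENT_HELLO = b"constructed ClientHello from the zero-entropy side"
SERVER_HELLO_A = b"constructed ServerHello, server random A"
SERVER_HELLO_B = b"constructed ServerHello, server random B"

def demo():
    a = session_random(FIXED_SECRET, CLIENT_HELLO, SERVER_HELLO_A, b"ephemeral key")
    b = session_random(FIXED_SECRET, CLIENT_HELLO, SERVER_HELLO_B, b"ephemeral key")
    replay = session_random(FIXED_SECRET, CLIENT_HELLO, SERVER_HELLO_A, b"ephemeral key")
    # A fresh peer hello changes the output; a repeated one reproduces it exactly.
    return {"fresh_peer_differs": a != b, "replayed_peer_repeats": a == replay}

if __name__ == "__main__":
    print(demo())
```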
